IN THE SPECIFICATION:

Please amend the Specification as follows. 

Please amend the title as follows:

METHOD AND APPARATUS TO GENERATE PACKET VALIDATION
INFORMATION FOR PACKET SECURITY FOR PROTOCOL TRAVERSAL

Please replace paragraphs [0005], [0022], [0030], [0047] and [0049] of the
specification as follows:

[0005] This invention is related to security and more particularly security
protocols to protect user packets. There are currently two main security
protocols: IPsec (Internet Protocol Security, as described, for example, in S.
Kent, R. Atkinson, "Security Architecture for the Internet Protocol", RFC
2401, November 1998) and SKIP (Simple Key Management for Internet
Protocols, information is available, for example, from www.sldp.org, an
overview can be found in http://www.tik.ee.ethz.ch/skip/SKIP.html).

[0022] Reference C of FIG. 1 denotes a middle node or intermediate node.
The node C can have the same structure as the node B, i.e., can be a server
or the like, or can be a router. The intermediate nodes are also called
middle-box entities (described, for example, in
http://www.ietf.org/html.charters/midcom-charter.html) in IETF. Similar
to the receiving node B, also such an intermediate node might need to
verify the validity of the message and to make sure that the message was
sent from A and was not modified along the way (data origin
authentication, integrity protection). Thus, also the intermediate node C
includes a validity check function C1, similar to the corresponding validity
check function B1 of the node B.

[0030] The field H4 includes the Public Key verification information. This
information indicates how the receiving nodes can verify that the Public
Key belongs to the claimed entity (i.e., the sending node). This field can
e.g. include a Certificate, or just the indication that CGA has been applied
(CGA: Cryptographically Generated Address, as described, for example, in
Cryptographically Generated Addresses by Tuomas Aura, February 2003
(http://www.ietf.org/internet-drafts/draft-aura-cga-00.txt)).

[0047] Another example for a mechanism for preventing replay attacks is
the use of nonces. Further applicable anti-replay attack mechanisms are
described in document: "On Preventing Replay Attacks on Security
Protocols" by Sreekanth Malladi, Jim Alves-Foss, Robert B. Heckendorn,
Center for Secure and Dependable Systems, Department of Computer
Science, University of Idaho, Moscow, ID 83844 USA
http://www.cs.uidaho.edu/jimaf/docs/replay02.pdf.



[0049] According to the second embodiment, not every single packet will 
contain the security header. In particular, according to the second 
embodiment, the security header is added only to some specific packets. 
Possible applications are Mobile IPv6 and NSIS (Next Steps In Signaling,
described in http://www.ietf.org/html.charters/nsis-charter.html, for
example). In Mobile IPv6 case, in order to allow firewalls to be able to
process Mobile IPv6 packets correctly and therefore detect, read and 
authenticate Binding Update messages without requiring the firewall (FW) 
and the multiple node (MN) to have a pre-shared security relation, only 
packets containing Binding Update messages need to have such security 
header. In case of NSIS signaling used e.g. in the TIST meaning (i.e. to 
allow a MN to communicate with a firewall without sharing any security 
association), again only specific packets carrying the signaling will contain 
the security header. So, the processing of asymmetric encryption is limited 
to a few elements in the networks and only to a few packets, and not to all 
packets of the communication. 

Please replace the Abstract with the following:

A method for protecting packets to be sent from a first network node to a 
second network node is provided. According to one embodiment, the The
method may includes the steps include, for example, of generating validity
information for a packet, and generating a header for the packet, including
which includes the validity information. The method also includes may
include the step of sending the packet including the header from the first
network node to the second network node. The validity information 
includes all necessary information required for performing a validity check 
of the packet. Thus, no pre-established security association is needed to 
verify the validity of a packet. 
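
The self-contained validity check described in paragraphs [0030] and [0047] and in the Abstract, as an added Go example that is not part of the application or the applicant's code: node B or intermediate node C verifies a packet using only the public key, nonce and signature it carries, with no pre-established security association. The Header layout, the use of Ed25519, the hash-of-key address (a simplified stand-in for CGA, not the algorithm of the cited draft) and all function names are assumptions.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Header is a hypothetical layout; the page does not define a wire format.
type Header struct {
	PubKey ed25519.PublicKey // sender's public key, carried in the packet
	Nonce  uint64            // anti-replay value ([0047])
	Sig    []byte            // signature over source address, nonce and payload
}
// addrFromKey is a simplified stand-in for CGA ([0030]): address = hash(key).
func addrFromKey(pk ed25519.PublicKey) []byte { h := sha256.Sum256(pk); return h[:16] }
func signedBytes(src []byte, n uint64, p []byte) []byte { return []byte(fmt.Sprintf("%x|%d|%x", src, n, p)) }
// NewKey creates node A's key pair; verifiers never see or pre-share it.
func NewKey() ed25519.PrivateKey { _, priv, _ := ed25519.GenerateKey(nil); return priv }
// Seal is run by sending node A; it returns the source address and header.
func Seal(priv ed25519.PrivateKey, n uint64, p []byte) ([]byte, Header) {
	pk := priv.Public().(ed25519.PublicKey)
	src := addrFromKey(pk)
	return src, Header{pk, n, ed25519.Sign(priv, signedBytes(src, n, p))}
}
// Verifier is node B or intermediate node C; it shares no secret with A.
type Verifier struct{ seen map[string]bool }
func NewVerifier() *Verifier { return &Verifier{seen: map[string]bool{}} }
// Check uses only packet contents; the nonce is recorded after the signature verifies.
func (v *Verifier) Check(src []byte, h Header, p []byte) error {
	if len(h.PubKey) != ed25519.PublicKeySize || !bytes.Equal(src, addrFromKey(h.PubKey)) {
		return errors.New("public key is not bound to the source address")
	}
	if !ed25519.Verify(h.PubKey, signedBytes(src, h.Nonce, p), h.Sig) {
		return errors.New("invalid signature")
	}
	id := fmt.Sprintf("%x/%d", src, h.Nonce)
	if v.seen[id] {
		return errors.New("replayed packet")
	}
	v.seen[id] = true
	return nil
}
func main() {
	v, p := NewVerifier(), []byte("binding update") // constructed sample payload
	src, h := Seal(NewKey(), 1, p)
	fmt.Println(v.Check(src, h, p), v.Check(src, h, p)) // first accepted, second is a replay
}
```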